Calling Computer Tech Savvy individuals

I had the virus about a year ago and found the solution by following a thread on some techie chat board. I think the solution involved ComboFix. I had to delete or type some things into my registry that was a little scary but I figured nothing ventured, nothing gained. I immediately purchased a 3 year Carbonite subscription after that.
 
Sorry to hear of your travails rkser.

Any idea how you got this thing on your machine? I'm hoping to avoid any such encounter.
Even though it is commonly called Google Redirect Virus, that is really a misnomer. The symptom is a redirect of search, but what delivered the problem was a virus or malware package. This link shows that.

The link I posted a few messages back is what has worked for me. Briefly, reboot to safe mode, install a/v software and malwarebytes. Empty caches. Scan with both. Revert the hosts file. Reboot to normal mode. Scan again. Check browser addins, and turn off suspicious.

In the situations I've encountered the redirect, it was delivered by a fake pc scanner package. Something will popup while you're working, and look believable. So the user clicks ok, I want to fix this, and you've given permission for the download. Your a/v may stop all or part of this from happening. In some cases I've just had to clean up the result, meaning remove browser addin, revert the hosts file, etc.
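Before reverting the hosts file as described above, it helps to see which entries were added to it. The following is an added example, not part of the original posts; the sample hosts content, the addresses (documentation ranges) and the `SEARCH_HINTS` list are constructed assumptions.

```python
import ipaddress

# Hostnames a stock Windows hosts file may legitimately define.
DEFAULT_NAMES = {"localhost"}
# Assumption: substrings of search hosts worth watching; extend as needed.
SEARCH_HINTS = ("google.", "bing.", "yahoo.", "search.")

# Constructed sample; on Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # blocklist sink, ignored
203.0.113.45    www.google.com google.com
203.0.113.45    search.yahoo.com
198.51.100.7    intranet.example.org
"""

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for each suspicious entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            findings.append((line_no, fields[0], "", "malformed entry"))
            continue
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(names), "invalid address"))
            continue
        # Loopback / 0.0.0.0 entries block a host rather than redirect it.
        sink = ip.is_loopback or ip.is_unspecified
        for name in names:
            if sink:
                continue
            hit = any(h in name.lower() for h in SEARCH_HINTS)
            reason = "search host remapped" if hit else "non-default mapping"
            findings.append((line_no, ip_text, name, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Entries reported as "non-default mapping" may be legitimate (for example an intranet name), so review them before removing anything.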
 
Replying to some of the above posts -

Any idea how you got this thing on your machine? I'm hoping to avoid any such encounter. :confused:??

-- No idea

-----------------------------------------------------

Have you tried resetting your internet explorer browser? Maybe that will work:confused:??

I have done that, although I mostly have been using Mozilla

--------------------------------------------------------------

I immediately purchased a 3 year Carbonite subscription after that.

- I have Carbonite, but just the thought of restoring a zillion files is not appealing, but if these attempts do not succeed I may end up doing that after an OS reinstall

--------------------------------------------------------------

I have sent in the scanned data of my laptop to 1) Bleeping Computer and 2) Smartest Computing. I am hoping someone on these two forums may be able to help.

Thanks for the support guys
 
OS reinstall is a hassle. Hope one of those websites can help you get rid of the pest. Good luck and keep us posted.
 
You're reaching the point where you might have to reinstall for the sake of time. This is why if you take it to a PC shop, they will nuke it and reinstall. You can't pay $100/hr for someone to search for days trying to remove a virus.

I spend half my time removing this sort of crap from PCs. Without being able to see the specifics on your PC it's hard to give specific guidance. Malwarebytes is excellent; ComboFix is like a last resort before reinstall, but both usually work.

Try another browser like Chrome to see if it only is IE; it may be affecting just IE.

Check for proxy settings, sometimes the redirectors turn on a proxy to do this. Check under internet options>connections tab>LAN settings>uncheck the box to use a proxy server, if checked.

It may have damaged your IP stack, you can reset by following this link using the netsh command.

How to reset Internet Protocol (TCP/IP)

There are ways to set up your PC that make it fairly easy to reinstall, but they don't come that way out of the box with wintendoze.
 
Now that I see the name in one of your posts, the directions I followed were from the Bleeping Computer website/discussion board.

I followed the advice they had given someone else and it worked for me. I had spent many hours and was ready to give up but stumbled onto the solution. The directions had the warning "you can really mess up your computer if you do this wrong" but I took a deep breath, followed the instructions, and it worked.

As OP has mentioned, none of the AV software completed the job. I ran a ton of them.
 
For me, usually a clean system lasts about 1 to 2 years. Sometimes it's time for a reinstall. Not a reinstall from scratch, as I keep drive images of my system that I consider clean. (Images kept on an external drive.) For example, no need to reinstall from scratch and then apply Service Pack 2 again when I already have an image with Service Pack 2 already there. I remember about a year or so ago I had this keylogger on my system. For the life of me, I couldn't get rid of that. After trying for days, I had to just roll up my sleeves and do a restore from a clean image.


The most important stuff really is the data and not the OS.
 
Try another browser like chrome
Check for proxy settings
IP stack, you can reset

- All the above done - Problem remains
---------------------------------------------------

Spybot Search and Destroy

- I have tried Spybot - With no success
---------------------------------------------------

I am going to try Microsoft Security now

Thanks for your help
 

Thank you for referring rkser to my blog post, neihn. Seeing the link is what brought me here.

So far I have tried these and counting -

- System Restore is not letting me go back enough days to avoid this
- Malwarebytes
- AOL Computer Checkup
- McAfee
- TDSSKiller
- ComboFix - 2 times
- SpeedyPC Pro
- SuperAntiSpyware
- SZsetupAV from Stopzilla
- Emsisoft Anti-Malware

Hi, rkser. I edited the quote of your post just to show the programs you've run to date. I suspect that the reason you have not yet been successful is because you don't know what to look for to remove, most particularly with ComboFix which should not be run without guidance.

I must also advise you not to start making changes to TDSSKiller as doing so can result in creating nothing more than a doorstop of your computer.

Although I am already a retiree, this does not appear to be the proper venue for analyzing logs. If you would like assistance, I would be happy to help at one of the forums where I handle malware removal.

I suggest that you register at either LandzDown.com or Sysnative.com and follow the log-posting instructions.
 
I suggest you try Microsoft SafetyScanner - I have good luck with this tool.

- After downloading MS Security Essentials, it will not start when I double-click on the icon.

- Thanks Corrine for your reply. Probably you are right; now that the correction procedures are getting more involved and complicated, I will take this discussion, trying to get a fix, to more technical resources.

I began posting on Bleeping Computer, Smartest Computing and some others.
Thanks for your offer and suggestion to take the problem to your above-mentioned forums.

Thanks everybody who contributed to this thread and I will post back the result either way. I am taking this discussion elsewhere, best regards
 
A bit of advice -- it's best to just post at one site. You should be in good hands at Bleeping Computer.
 
Once gave advice to someone, and they decided to go for paid online advice elsewhere. They installed a lot of crap remotely. Some of it was malware.

Recommendation to follow one line of advice is a good one. This thread has many answers, but applying things in a methodical way is difficult.
 
Once gave advice to someone, and they decided to go for paid online advice elsewhere. They installed a lot of crap remotely. Some of it was malware.

Recommendation to follow one line of advice is a good one. This thread has many answers, but applying things in a methodical way is difficult.

+1

I do this all the time but it is difficult to give specific advice without actually seeing the "patient", all of the screen output, captured logs and test results.

The folks at bleepingcomputer are very good but they will surely need the log outputs from the tool runs.

Unfortunately you can spend weeks trying this and that, and even if it is recovered you never really know it's 100% ok. If things don't clean up easily with a couple of runs of Malwarebytes or ComboFix, then I would back up anything you can't afford to lose, reformat and reinstall. Such is life with wintendoze.
 
rbmrtn said:
+1

I do this all the time but it is difficult to give specific advice without actually seeing the "patient", all of the screen output, captured logs and test results.

The folks at bleepingcomputer are very good but they will surely need the log outputs from the tool runs.

Unfortunately you can spend weeks trying this and that, and even if it is recovered you never really know it's 100% ok. If things don't clean up easily with a couple of runs of Malwarebytes or ComboFix, then I would back up anything you can't afford to lose, reformat and reinstall. Such is life with wintendoze.

A mentor once told me, "prescription without diagnosis is malpractice." I usually visit my patients and only fix what I can put my hands on.
 
+1

I do this all the time but it is difficult to give specific advice without actually seeing the "patient", all of the screen output, captured logs and test results.

The folks at bleepingcomputer are very good but they will surely need the log outputs from the tool runs.

Unfortunately you can spend weeks trying this and that, and even if it is recovered you never really know it's 100% ok. If things don't clean up easily with a couple of runs of Malwarebytes or ComboFix, then I would back up anything you can't afford to lose, reformat and reinstall. Such is life with wintendoze.

+1

The OP never did mention whether there was a restore disc or partition. I do agree though, at a certain point, if there is too much spinning of the wheels, IMO, it'll be easier to just save the important data externally then do a restore/reinstall. In the end, the act of creating all the logs, screen prints, testing might even take more effort than just saving the data and doing a restore/reinstall.
 
I hope you post your solution 'cause my redirect virus seems to be back. :blush:
 
Really? That's too bad. At least this thread has enough helpful suggestions.
This one seems milder. It switched my default search engine in Firefox and messed around with a link that I was trying to post. :(
 